
Are you prepared for social engineering and the Next Big Corporate hack?

Have you opened the front door for anyone who came knocking or made way for an unknown contractor? If so, you might have been a victim of social manipulation-based hacking. Training, exercise and countermeasures can help, and this also applies to the Next Big Corporate hack, which can surely strike even you.

Two-factor authentication, different usernames and passwords for different services, patching of web systems, firewalls, control of IoT units, and avoidance of attachments and links in emails from unknown senders all work well against hacking.

All of these methods are IT-based and quite common, and we in Basefarm have written about them earlier. Analysis of actual data breaches shows that these simple measures prevent most attacks.

Social engineering

But, back to where we started. Have you seen a contractor walking in the corridors without knowing where they came from, where they are going or what they are there to do? Is it common to have new people in your surroundings, such as temporary workers and consultants? Or have you driven into a garage facility and simply given a friendly nod to the well-dressed pedestrian who walked in while you kept the gate open? Or plugged an unknown USB stick into your computer to see what was on it?

Many of us have done things like this. In the field of information security, situations like these may involve psychological manipulation, which is called “social engineering” in professional terms.

Beware these techniques

Pretexting – the hacker will obtain some personal information to establish legitimacy in the mind of the victim and use this to increase the chances the victim will divulge more information or perform actions that would be unlikely in ordinary circumstances.

Baiting – someone leaves malware-infected USB flash drives in locations where people will find them, and gives them legitimate-looking labels that pique curiosity.

Tailgating – an attacker walks in behind you. You feel it is hard to ask the well-dressed man or woman to identify themselves, as you do not want to be exposed to negative reactions. And, after all, it is not your job, right?

Phishing – the phisher sends an email that appears to come from a legitimate business, requesting verification of information and linking to a fraudulent web page.

Spear phishing – while phishing emails are sent in large numbers, speculating that a few recipients will take the bait, spear phishing emails are highly customized and sent to a few end users. This is naturally much more work for the hacker, but probably has a hit rate ten times higher.

Confidence tricksters – can also be considered social engineers. They gain confidence by manipulating people into giving access to offices or confidential information.

When we read about these techniques, we might think: This is strange. This happens rarely. It is very unlikely that we will be struck.

Unlikely might become likely

Or is it really? Precisely because it seems unlikely, the methods might work nicely if someone tries them out.

Therefore, you should look to preventive measures like:

Include social engineering in the company information security program.

Regularly teach and facilitate self-studies. One way is to create e-learning programs with exams (tip: see survey tools) that employees must pass.

Practice. For most of us, it is really hard to stop someone and ask why they are there. Practice will help to overcome such barriers. If there is one thing that builds awareness, yet organizations skip for some obscure reason, it is emergency practice.

Protect and prevent

Many want your vulnerable personal or company data, including credit card information. While we can protect ourselves, we can hardly protect ourselves from attacks such as the infamous Yahoo breach, which hit half a billion users. This writer has been involved in no fewer than four such breaches, including Adobe in October 2013, Disqus in October 2017, Dropbox in mid-2012 and LinkedIn in May 2016, where 164 million email addresses and passwords were exposed.

How can I know? Well, you can check with the service Have I Been Pwned, brought to us by security researcher Troy Hunt.

When any of these Big Corporates are hacked, you are too. New hacks are likely, and if you are a heavy user of net services and social media, the probability that you will be hit is surely there.

So, what to do? Whether you are hit through phishing, spear phishing or indirectly through a Big Corporate Hack, you should never reuse passwords. Instead, get a password manager, as that allows you to create unique usernames and passwords for each service you sign up to by using a single master password that can, for example, be a long sentence. A master password such as “I like trains, would you like to fly with me to Canada next year?” is both easier to remember and harder to break by brute force methods, compared to “u(!3%N,#”. Depending on the password manager, it can also automatically sign you in to websites once you have authenticated in the password manager, thus saving you time.
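To put numbers on that comparison, the following added example (not part of the original article) estimates the brute-force search space of both passwords. The character-class alphabet model and the 7,776-word list size are assumptions chosen for illustration; a grammatical sentence is more predictable than randomly picked words, so the word-level figure is a ceiling rather than a measurement.

```python
import math
import string

PASSPHRASE = "I like trains, would you like to fly with me to Canada next year?"
SHORT = "u(!3%N,#"

# Character classes an exhaustive search must cover (assumed model).
CLASSES = (
    string.ascii_lowercase,   # 26
    string.ascii_uppercase,   # 26
    string.digits,            # 10
    " ",                      # 1
    string.punctuation,       # 32
)


def alphabet_size(secret: str) -> int:
    """Sum the sizes of every character class the secret draws from."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in secret))


def brute_force_bits(secret: str) -> float:
    """Bits of search space when guessing one character at a time."""
    return len(secret) * math.log2(alphabet_size(secret))


def wordlist_bits(secret: str, wordlist_size: int = 7776) -> float:
    """Bits of search space when guessing whole words from a list.

    Assumes every word is drawn at random from a list of wordlist_size
    entries; a natural sentence scores lower than this in practice.
    """
    return len(secret.split()) * math.log2(wordlist_size)


def compare() -> dict:
    """Return the rounded estimates for both example passwords."""
    return {
        "short_chars": round(brute_force_bits(SHORT)),
        "phrase_chars": round(brute_force_bits(PASSPHRASE)),
        "phrase_words": round(wordlist_bits(PASSPHRASE)),
    }


if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name}: about {bits} bits")
```

Even under the stricter word-level model the sentence stays far ahead of the eight-character password, which is why length matters more than symbol variety.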

One last thing. If your credit card might have been involved, block the card through the issuer's service. They will be more than happy to replace it.
